Ngừng hoạt động một phầnshare-external
Page iframe embed not showing on mobile
10

https://shottr.cc/s/1vv5/SCR-20240928-wnk.

Page iframe embed not showing on mobile

Tuấn Khiêm Hạ
Đã hỏi khoảng 2 tháng trước
Câu trả lời được chọn
1

Sill not fixed

12 tháng 10 lúc 09:13
Tuấn Khiêm Hạ
1

Same problem

16 tháng 10 lúc 01:46
Michał
1

same probleme here

21 tháng 10 lúc 09:20
Boris
1

Facebook doesnt care about this anymore.

21 tháng 10 lúc 16:35
Samuel
1

Same problem here that just started occurring! Please fix ASAP

26 tháng 10 lúc 16:37
Kane
1

Same here!

30 tháng 10 lúc 06:28
Matthias
1

Please fixxxxxxx

1 tháng 11 lúc 10:01
Tuấn Khiêm Hạ
1

Same problem here!

5 tháng 11 lúc 02:14
Marc
2

Something strange is happening. It's only working if you request the desktop version, and you have to do that through the iPhone Safari settings.

We're receiving a lot of complaints from merchants using our website builder that iframes have stopped showing on Safari. Can we please get this resolved?

3 tháng 10 lúc 12:30
Vlad
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 tháng 10 lúc 12:31
2

I discovered that if in mobile mode, the domain facebook.com will change to m.facebook.com and there will be problems here.

https://facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId https://m.facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

17 tháng 10 lúc 00:04
Hải
Tuấn Khiêm Hạ

Do you know how to fix it?

20 tháng 10 lúc 07:53
Hải

Explanation

The error "Refused to display 'https://m.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'" means that the Facebook mobile site (m.facebook.com) has security headers configured to prevent itself from being embedded within an iframe on other websites.

Here's a breakdown:

X-Frame-Options: This is an HTTP response header that controls whether a browser should be allowed to render a page in an

<

iframe>. It's a security measure to prevent clickjacking attacks. Clickjacking is when a malicious website overlays a transparent iframe containing another site (like Facebook's login page), tricking the user into interacting with the hidden iframe while thinking they are interacting with the malicious site. 'deny': This specific value of the X-Frame-Options header tells the browser to never display the page in an iframe, regardless of the site trying to embed it. The Problem: You're trying to embed the Facebook mobile site within an iframe on your own website. Facebook's security settings are preventing this. Solutions (none are guaranteed to work, as Facebook could change its policy):

Don't use an iframe for Facebook: This is the most reliable solution. Instead of embedding the entire page, consider using Facebook's official SDKs or APIs to display relevant content (like a Like button, comments section, or a share button). These are designed to work within other websites and are approved by Facebook. This is the recommended approach. Use a different Facebook endpoint (unlikely to work): There might be a different Facebook endpoint or a specific version of their site that doesn't have this restriction. However, this is highly unlikely and not a reliable solution. Facebook actively controls these headers to maintain security. Relying on this is not recommended. Contact Facebook (very unlikely to work): You could contact Facebook and ask them to allow your site to embed their mobile page, but they are very unlikely to make an exception for individual websites. Their security policy is in place for a reason. In summary: The best practice is to avoid embedding m.facebook.com (or any other site that restricts framing) in an iframe and use official Facebook tools to integrate their features. Trying to bypass the X-Frame-Options header is generally a bad idea, as it indicates a potential security vulnerability.

21 tháng 10 lúc 20:23
2

Same here, it's all blocked on mobile due to the iframe header block. Please fixxxx!

26 tháng 10 lúc 18:27
Maria
3

I'm having the same issue. I don't use Iframe, but the plug in isn't showing on all mobile browsers. If I change the browser settings to "show desktop site" it works fine. You can't see how it looks on mobile when you use a mobile browser to generate the code on the plug in page, but it shows a preview on desktop.

1 tháng 10 lúc 02:15
Simon
Simon

I've reported it through the Facebook "what's not working" route. Suggest others could do that too.

1 tháng 10 lúc 03:16
Doug

Having the same problem using Iframe code.

As in the post above 'If I change the browser settings to "show desktop site" it works fine.'

This is ugly.

1 tháng 10 lúc 11:43
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 tháng 10 lúc 12:31
4

Here same problem :(

28 tháng 9 lúc 14:15
Ronnie
4

Here same problem!

30 tháng 9 lúc 00:36
Ronnie
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 tháng 10 lúc 12:31
4

this is fb bug?

30 tháng 9 lúc 08:33
Tuấn Khiêm Hạ
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 tháng 10 lúc 12:31